CVE-2021-47301

HIGH7.8

igb: Fix use-after-free error during reset

Published May 21, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix use-after-free error during reset

Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring.

Failure to do so can cause invalid memory accesses. If igb_poll() runs while the controller is reset this can lead to the driver try to free a skb that was already freed.

(The crash is harder to reproduce with the igb driver, but the same potential problem exists as the code is identical to igc)

References

WEBhttps://git.kernel.org/stable/c/7b292608db23ccbbfbfa50cdb155d01725d7a52e WEBhttps://git.kernel.org/stable/c/88e0720133d42d34851c8721cf5f289a50a8710f WEBhttps://git.kernel.org/stable/c/8e24c12f2ff6d32fd9f057382f08e748ec97194c WEBhttps://git.kernel.org/stable/c/d3ccb18ed5ac3283c7b31ecc685b499e580d5492 WEBhttps://git.kernel.org/stable/c/d7367f781e5a9ca5df9082b15b272b55e76931f8 WEBhttps://git.kernel.org/stable/c/f153664d8e70c11d0371341613651e1130e20240 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2021-47301

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 21, 2024

ModifiedMay 4, 2025